Point of sale pairing to wireless networks

ABSTRACT

Wireless pairing is automatically performed based on a purchase of a wireless product. When the wireless product is purchased, a unique product identifier and/or an account number (such as a credit card number) may be used to obtain one or more corresponding wireless network security credentials. Once the wireless network security credentials are identified, the wireless product may be paired to a wireless network based on the wireless network security credentials.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a continuation of, and claims priority to each of,U.S. patent application Ser. No. 15/587,456, filed May 5, 2017, andsince issued as U.S. Pat. No. 9,911,111, which is a continuation of U.S.patent application Ser. No. 14/620,318, filed Feb. 12, 2015, and sinceissued as U.S. Pat. No. 9,680,822, with both applications incorporatedherein by reference in their entireties.

BACKGROUND

Wireless configuration is troublesome. Many people have difficultypairing wireless devices to a wireless network. As a result, many peopleare forced to seek expensive technical support.

BRIEF DESCRIPTION OF THE SEVERAL VIEWS OF THE DRAWINGS

The features, aspects, and advantages of the exemplary embodiments areunderstood when the following Detailed Description is read withreference to the accompanying drawings, wherein:

FIGS. 1-4 are simplified schematics illustrating an environment in whichexemplary embodiments may be implemented;

FIGS. 5-7 are more detailed block diagrams illustrating the operatingenvironment, according to exemplary embodiments;

FIGS. 8-9 are schematics illustrating mobile payment, according toexemplary embodiments;

FIG. 10 is a schematic further illustrating e-commerce pairing,according to exemplary embodiments;

FIGS. 11-13 are more schematics illustrating automatic pairing,according to exemplary embodiments;

FIGS. 14-16 are more schematics further illustrating network access,according to exemplary embodiments;

FIG. 17 is a schematic illustrating credential updates, according toexemplary embodiments;

FIG. 18 is a schematic illustrating a security system, according toexemplary embodiments;

FIGS. 19-23 are schematics illustrating further security solutions,according to exemplary embodiments;

FIG. 24 is a flowchart illustrating an algorithm for automatic pairing,according to exemplary embodiments; and

FIGS. 25-26 depict still more operating environments for additionalaspects of the exemplary embodiments.

DETAILED DESCRIPTION

Exemplary embodiments will now be described more fully hereinafter withreference to the accompanying drawings. Exemplary embodiments may,however, be embodied in many different forms and should not be construedas limited to the embodiments set forth herein. These embodiments areprovided so that this disclosure will be thorough and complete and willfully convey the exemplary embodiments to those of ordinary skill in theart. Moreover, all statements herein reciting embodiments, as well asspecific examples thereof, are intended to encompass both structural andfunctional equivalents thereof. Additionally, applicant(s) intend thatsuch equivalents include both currently known equivalents as well asequivalents developed in the future (i.e., any elements developed thatperform the same function, regardless of structure).

Thus, for example, those of ordinary skill in the art will appreciatethat the diagrams, schematics, illustrations, and the like representconceptual views or processes illustrating exemplary embodiments. Thefunctions of the various elements shown in the figures may be providedthrough the use of dedicated hardware as well as hardware capable ofexecuting associated software. Those of ordinary skill in the artfurther understand that exemplary hardware, software, processes,methods, and/or operating systems described herein are for illustrativepurposes and, thus, are not intended to be limited to any particularnamed manufacturer.

As used herein, the singular forms “a,” “an,” and “the” are intended toinclude the plural forms as well, unless expressly stated otherwise. Itwill be further understood that the terms “includes,” “comprises,”“including,” and/or “comprising,” when used in this specification,specify the presence of stated features, integers, steps, operations,elements, and/or components, but do not preclude the presence oraddition of one or more other features, integers, steps, operations,elements, components, and/or groups thereof. It will be understood thatwhen an element is referred to as being “connected” or “coupled” toanother element, it can be directly connected or coupled to the otherelement or intervening elements may be present. Furthermore, “connected”or “coupled” as used herein may include wirelessly connected or coupled.As used herein, the term “and/or” includes any and all combinations ofone or more of the associated listed items.

It will also be understood that, although the terms first, second, etc.may be used herein to describe various elements, these elements shouldnot be limited by these terms. These terms are only used to distinguishone element from another. For example, a first device could be termed asecond device, and, similarly, a second device could be termed a firstdevice without departing from the teachings of the disclosure.

FIGS. 1-4 are simplified schematics illustrating an environment in whichexemplary embodiments may be implemented. FIG. 1 illustrates automaticpairing of a wireless device 20 to a wireless network 24. The wirelessdevice 20, for simplicity, is illustrated as an electronic lock 22,which a customer likely purchases for some physical door or window in ahome or business. The wireless device 20, however, may be a tabletcomputer, a smartphone, a watch, or any other processor-controlleddevice, as later paragraphs will explain. Regardless, when the customerpurchases the wireless device 20, exemplary embodiments automaticallyprovision the wireless device 20 to the wireless network 24. That is,the wireless device 20 may be automatically configured for access to thecustomer's residential or business wireless network 24, with little orno manual effort. As this disclosure will explain, exemplary embodimentsautomatically retrieve security credentials 26 currently or permanentlyassigned to the wireless network 24. So, when the purchasing customerbrings the electronic lock 22 home, the customer need only “open thebox” and turn “on” its electrical power. The wireless network 24automatically recognizes the electronic lock 22, thus permitting nearlyimmediate installation, network communication, and operation. Thecustomer is relieved of a cumbersome manual configuration involvingnetwork identification and security passwords. The customer is alsorelieved of conventional schemes that use temporary passwords or othertemporary settings.

FIG. 2 illustrates a retail purchase. When the customer purchases theelectronic lock 22, an electronic purchase transaction (or “EPT”) 30 maybe generated. A point of sale terminal (or “POS”) 32, for example, maygenerate the electronic purchase transaction 30 at a bricks and mortarretail store. The electronic purchase transaction 30, however, mayalternatively be generated from an e-commerce website or server, aslater paragraphs will explain. Regardless, the electronic purchasetransaction 30 may uniquely identify the wireless device 20, such as bya stock keeping unit (or “SKU”) 34, model 36, and/or serial number 38associated with the electronic lock 22. The electronic purchasetransaction 30 may also uniquely identify the customer making thepurchase, perhaps using the customer's unique credit card number 40and/or unique cellular telephone number 42. The point of sale terminal32 sends the electronic purchase transaction 30 into a communicationsnetwork 44 for routing and delivery to a network address associated witha security server 50.

The security server 50 may automatically determine the securitycredentials 26. The security server 50 may store and maintain a database52 of customers. When the security server 50 receives the electronicpurchase transaction 30, the security server 50 may query the database52 of customers for entries associated with the purchasing customer. Forexample, the security server 50 may query the database 52 of customersfor the customer's unique credit card number 40 and/or the customer'sunique cellular telephone number 42. The database 52 of customers maythus store database associations between the customer's unique creditcard number 40, the customer's unique cellular telephone number 42, andthe security credentials 26 of the customer's business or residentialwireless network (illustrated as reference numeral 24 in FIG. 1). Forexample, the database 52 of customers may reveal a wireless fidelity (orWIFI®) network name (such as a service set identifier or “SSI” 54)and/or a network password 56 of the customer's wireless network 24.Exemplary embodiments may thus use the electronic purchase transaction30 to uniquely identify the security credentials 26 of the customer'swireless network 24.

FIG. 3 illustrates automatic pairing. Now that the security credentials26 are known, the electronic lock 22 may be automatically added to thecustomer's wireless network 24. The security server 50, for example, maysend a packetized security message 60 into the communications network 44for routing and delivery to a network address associated with an accessdevice 62 serving the customer's wireless network 24. FIG. 3 illustratesthe access device 62 as a wireless access router 64, but the accessdevice 62 may be any gateway, modem, or any other device, as laterexplained. The security message 60 may instruct the access device 62 torecognize and allow network access to the electronic lock 22. Becausethe security message 60 may also include the security credentials 26,the security message 60 may act as a proxy. The security message 60 mayinstruct or authorize the access device 62 to accept the securitycredentials 26 presented on behalf of the electronic lock 22. When theelectronic lock 22 is electrically powered, the electronic lock 22 mayestablish wireless communication with the access device 62 and be nearlyimmediately recognized by proxy. The access device 62 thus allowswireless access to the customer's wireless network 24, withoutadditional pairing steps.

Exemplary embodiments thus automate wireless pairing. Exemplaryembodiments may pair the wireless device 20 merely in response to thecustomer's purchase. Exemplary embodiments integrate purchase recordswith trusted, confidential customer information. Suppose, for example,that the customer purchases the wireless device 20 (e.g., the electroniclock 22) at a network provider's retail site (such as an AT&T® orVERIZON® store). Exemplary embodiments may thus marry purchase recordswith confidential billing records and/or network information, thussupporting automatic provisioning. As a further example, a new orexisting AT&T® DIGITAL LIFE® customer may purchase wireless devices andhave them automatically provisioned to the customer's wireless network24. Exemplary embodiments may also automatically pair purchases fromother retailers, such as BEST BUY® or any other retailer. Even mobilepayments and e-commerce website purchases may permit automaticprovisioning of wireless devices, as later paragraphs will explain.Indeed, whoever or whatever the seller, exemplary embodiments permitquick pairing based on the sale.

Exemplary embodiments reduce, or even eliminate, manual pairing.Conventional wireless devices must be manually paired to the customer'swireless network 24. Most often this manual pairing requires entry ofnetwork password, which is cumbersome for many customers and fraughtwith erroneous entries. Moreover, the manual pairing may also requiredownloading or updating software and creating credentials. Even a smalltypographic error may cause a failure in access, thus requiring atime-consuming call to technical help or even an expensive on-sitevisit. Exemplary embodiments, instead, automatically add the purchasedwireless device 20 to the customer's wireless network 24. The wirelessdevice 20, in other words, is automatically allowed access to thecustomer's wireless network 24, in response to the purchase. Noadditional pairing effort may be needed, such as identification and/orentry of the service set identifier (or “SSID”) and network password(illustrated, respectively, as reference numerals 54 and 56 in FIG. 2).The customer merely turns on the wireless device 20, thus causing thewireless device 20 to expose itself to the customer's wireless network24. The wireless device 20 is automatically and permanently paired withlittle or no effort. No change in the customer's security credentials 26is required, and no temporary measures are needed.

Automatic pairing, however, may have restrictions. Not just any entitymay have authority to obtain the security credentials 26 of thecustomer's wireless network 24. Perhaps only trusted partner entitieshave permission to retrieve the SSI 54 and/or the network password 56 ofthe customer's wireless network 24. For example, perhaps only a trustedor credentialed retailer may send the electronic purchase transaction 30to the security server 50. If the electronic purchase transaction 30does not originate from a known, recognized network address, then thesecurity server 50 may decline automatic pairing. The security server 50may thus inspect the electronic purchase transaction 30 for a networkaddress and match to a list of approved pairing partners. The electronicpurchase transaction 30 may additionally or alternatively be inspectedfor a required password, encryption, or other credential beforeautomatic pairing may proceed. Exemplary embodiments may thus onlypermit certain providers in the ecosystem to access the securitycredentials 26 and program the electronic lock 22, the security server50, and/or the access device 62. Unrecognized entities may thus beprevented from rogue pairings.

FIG. 3 illustrates automatic pairing. Now that the security credentials26 are known, the electronic lock 22 may be automatically added to thecustomer's wireless network 24. The security server 50, for example, maysend a packetized security message 60 into the communications network 44for routing and delivery to a network address associated with an accessdevice 62 serving the customer's wireless network 24. FIG. 3 illustratesthe access device 62 as a wireless access router 64, but the accessdevice 62 may be any gateway, modem, or any other device, as laterexplained. The security message 60 may instruct the access device 62 torecognize and allow network access to the electronic lock 22. Becausethe security message 60 may also include the security credentials 26,the security message 60 may act as a proxy. The security message 60 mayinstruct or authorize the access device 62 to accept the securitycredentials 26 presented on behalf of the electronic lock 22. When theelectronic lock 22 is electrically powered, the electronic lock 22 mayestablish wireless communication with the access device 62 and be nearlyimmediately recognized by proxy. The access device 62 thus allowswireless access to the customer's wireless network 24, withoutadditional pairing steps.

FIG. 4 illustrates a push pairing. Here exemplary embodiments may pushthe security credentials 26 directly to the electronic lock 22. That is,when the customer powers up the wireless device 20, the wireless device20 requests access to the customer's wireless network 24. Exemplaryembodiments may then retrieve and send, or “push,” the securitycredentials 26 to the electronic lock 22. As FIG. 4 illustrates, thesecurity server 50 may be informed when the electronic lock 22 exposesitself to the purchasing customer's wireless network 24. That is, whenthe electronic lock 22 is electrically powered and attempts or requestsaccess to the customer's wireless network 24, exemplary embodiments mayinform the security server 50. For example, the access device 62 maysend a packetized access notification 70 to the security server 50. Thewireless access router 64, for example, may store or execute code orprogramming that forces or commands the access notification 70 inresponse to any attempted access to the customer's wired or wirelessnetwork 24. The access notification 70 may thus alert the securityserver 50 to the attempted network access of the electronic lock 22. Theaccess notification 70 may further include information that uniquelyidentifies the requesting device, such as the SKU 34, the model number36, and/or the serial number 38.

The security server 50 may confirm the attempted access. When thesecurity server 50 receives the access notification 70, the securityserver 50 may query the database 52 of customers for the uniqueidentifier of the requesting device (such as the SKU 34, the modelnumber 36, and/or the serial number 38). The security server 50, inother words, may query to confirm the customer's purchase of theelectronic lock 22. The security server 50 may thus retrieve or matchthe database association between the electronic lock 22 and thecustomer's wireless network 24. If the database 52 of customers matchesan entry to the unique identifier of the electronic lock 22, then thesecurity server 50 may retrieve the corresponding security credentials26. The security server 50 may then send the security message 60directly to an address assigned to the electronic lock 22, thusautomatically providing the security credentials 26 of the customer'swireless network 24. Again, then, the user has merely powered on theelectronic lock 22 for automatic pairing. No manual configuration may beneeded. However, if no database association matches the uniqueidentifier of the electronic lock 22, then perhaps the purchase oridentity cannot be confirmed or authenticated. Exemplary embodiments maydecline automatic pairing, thus requiring manual configuration.

Exemplary embodiments may include other features. For example, once theunique cellular telephone number 42 is obtained, the customer's accountmay be determined (as this disclosure will further explain). Knowledgeof the user-customer, in other words, permits account association forapplication-level purposes. For example, once the user is known (perhapsusing the cellular telephone number 42), exemplary embodiments associatecontrol of the electronic lock 22 to only certain applications orservices. As one example, electronic or physical control of theelectronic lock 22 may be restricted to the customer's AT&T® DIGITALLIFE® account service, based on the cellular telephone number 42.However, exemplary embodiments may also yield control to other permittedapplications and services having a permissive association with thecellular telephone number 42. Moreover, exemplary embodiments may limitor extend control to other devices associated with the same customer(such as the customer's tablet, car, or watch sharing a common userprofile association).

FIGS. 5-7 are more detailed block diagrams illustrating the operatingenvironment, according to exemplary embodiments. The point of sale(“POS”) terminal 32 conducts or participates in the purchase of thewireless device 20 (again illustrated as the electronic lock 22). Thepoint of sale terminal 32 has a processor 80 (e.g., “μP”), applicationspecific integrated circuit (ASIC), or other component that executes aPOS algorithm 82 stored in a local memory 84. The POS algorithm 82instructs the processor 80 to perform operations, such as generatingand/or supplying information for the electronic purchase transaction (or“EPT”) 30. The electronic purchase transaction 30 may uniquely identifythe electronic lock 22 by its stock keeping unit (or “SKU”) 34, modelnumber 36, and/or serial number 38. The electronic purchase transaction30 may also uniquely identify the customer's credit card number 40, thedevice participating in the purchase (such as the cellular telephonenumber 42), or any other account information. The point of sale terminal32 may packetize electronic purchase transaction 30 into packets of dataaccording to a packet protocol, such as the Internet Protocol. Thepackets of data contain bits or bytes of data describing the contents,or payload, of a message. A header of each packet of data may containrouting information identifying an origination address and/or adestination address. The point of sale terminal 32 calls or invokes anetwork interface to send the electronic purchase transaction 30 intothe communications network 44 for routing and delivery to the networkaddress assigned to the security server 50. Exemplary embodiments maythus cause or instruct the point of sale terminal 32 to inform or notifythe security server 50 of the purchase of any or all wireless devices,such as the electronic lock 22.

The security server 50 may then obtain the customer's securitycredentials 26. The security server 50 has a processor 90 (e.g., “μP”),application specific integrated circuit (ASIC), or other component thatexecutes a server-side algorithm 92 stored in a local memory 94. Theserver-side algorithm 92 instructs the processor 90 to performoperations, such as querying the database 52 of customers for thecustomer's security credentials 26.

FIG. 6 illustrates the database 52 of customers. For simplicity thedatabase 52 of customers is illustrated as a table 100 that maps,relates, or associates different customers to their correspondingsecurity credentials 26 for one or more of their WIFI®, BLUETOOTH®, orother wireless networks. FIG. 6 illustrates the database 52 of customersas being locally stored in the memory 94 of the security server 50, butsome or all of the database entries may be remotely maintained at someother server or location in the communications network (illustrated asreference numeral 44 in FIG. 5). While FIG. 6 only illustrates a fewentries, in practice the database 52 of customers may contain manyentries for hundreds or even thousands of customers. For example, anentry may associate the customer's credit card number 40 and/or a uniquecellular identifier (such as the cellular telephone number 42) to thesecurity credentials 26 for her wireless network. When the securityserver 50 receives the electronic purchase transaction (or “EPT”) 30,the server-side algorithm 92 causes the processor 90 to query forcustomer's credit card number 40 and/or the unique cellular identifierdetailed or described in the electronic purchase transaction 30. If thedatabase 52 of customers contains a matching entry, the security server50 retrieves the customer's corresponding security credentials 26. FIG.6 thus illustrates the security server 50 retrieving the existingservice set identifier (or “SSID”) 54 and network password 56 of thecustomer's wireless network 24. The security server 50 may also retrievea network address 102 associated with the customer's wireless network24.

The database 52 of customers may be comprehensive. Many customers,subscribers, and/or users will elect to have their security credentials26 detailed in the database 52 of customers. Centralized storage andaccess permits the automatic pairing, which is a great convenience tomost people. Indeed, as wireless devices constantly improve, usersfrequently add and remove devices from their networks. Automatic pairingeases and simplifies the purchasing and installation process. Thedatabase 52 of customers may be a comprehensive and centralizedrepository of customer accounts, detailing a rich repository of customerprofiles, including their security credentials 26.

FIG. 7 illustrates network access. Now that the customer's securitycredentials 26 are known, exemplary embodiments may automaticallyauthorize wireless access for the wireless device 20. The securityserver 50 may send the security message 60 into the communicationsnetwork 44 for routing and delivery to the network address 102associated with customer's wireless network 24. FIG. 7 illustrates thesecurity message 60 routing to the access device 62 serving thecustomer's wireless network 24, such as the wireless access router 64.However, the access device 62 may be any network interface to an accessnetwork, such as a gateway, cable modem, or DSL modem. The networkaddress 102 may thus point to or identify whatever access device 62manages or allows access to the customer's wireless network 24.Regardless, the security message 60 may instruct the access device 62 torecognize and allow access to the electronic lock 22. Because thesecurity message 60 may identify or confirm the network securitycredentials 26, the security message 60 may act as a proxy. The securitymessage 60 may thus instruct or authorize the wireless access router 64to accept the security credentials 26 presented on behalf of theelectronic lock 22. When the electronic lock 22 exposes itself to thecustomer's wireless network 24, the wireless access router 64 may thusautomatically recognize the electronic lock 22 and permit wirelessaccess to the customer's wireless network 24, without additional pairingsteps.

Exemplary embodiments thus automate wireless pairing. Exemplaryembodiments pair the wireless device 20 merely in response to purchase.The database 52 of customers may be constructed and maintained tointegrate point of sale systems with trusted, confidential customerinformation. Suppose, for example, that the customer purchases thewireless device 20 (e.g., the electronic lock 22) at a networkprovider's retail site (such as an AT&T® or VERIZON® store). Exemplaryembodiments may thus marry purchase records with billing records and/ornetwork information to support automatic provisioning. As a furtherexample, a new or existing AT&T® DIGITAL LIFE® customer may purchasewireless devices and have them automatically provisioned to thecustomer's wireless network 24. Exemplary embodiments may alsoautomatically pair purchases from other retailers, such as BEST BUY® andany other retailer. Whatever the retailer, the point of sale terminal 32may inform the security server 50, thus permitting quick pairing basedon the sale.

FIGS. 8-9 are schematics illustrating mobile payment, according toexemplary embodiments. Here the customer's mobile device 110 mayparticipate in the pairing process. Suppose the customer uses hersmartphone 112 to purchase the electronic lock 22. The smartphone 112may thus notify the security server 50 of the purchase. The customer'ssmartphone 112, for example, may have a processor and memory (not shownfor simplicity) that stores and executes a software application 114.When the smartphone 112 participates in or conducts some purchasetransaction, the software application 114 causes the smartphone 112 towirelessly send a packetized electronic purchase notification (or “EPN”)116 into a wireless network for routing and delivery to the networkaddress associated with security server 50. The electronic purchasenotification 116 may uniquely identify the electronic lock 22 by itsstock keeping unit (or “SKU”) 34, model 36, and/or serial number 38,along with the customer's credit card number 40 and/or cellulartelephone number 42. When the security server 50 receives the electronicpurchase notification 116, the security server 50 may query the database52 of customers for the customer's corresponding security credentials26, as this disclosure explains. Exemplary embodiments may thenautomatically pair the electronic lock 22, again as this disclosureexplains. Exemplary embodiments may thus be utilized in the mobilee-commerce environment, where wireless devices are automatically pairedbased on purchases using the customer's mobile devices.

FIG. 9 further illustrates the database 52 of customers. Here thedatabase 52 of customers may further uniquely link the mobile device 110to each customer's network security credentials 26. FIG. 9, for example,illustrates the database 52 of customers including data representing thecustomer's unique cellular identifier, such as an International MobileSubscriber Identity (or “IMSI”) 120 or Mobile Station InternationalSubscriber Directory Number (“MSISDN”) 122. Whenever the mobile device110 sends messages or information, the mobile device 110 may self-reportits IMSI 120 and/or its MSISDN 122. The electronic purchase transaction30 and/or the electronic purchase notification 116 may thus uniquelyidentify the mobile device 110. The security server 50 may thus querythe database 52 of customers using either of these unique identifiers asa query term to retrieve the corresponding customer's securitycredentials 26.

Exemplary embodiments may thus be applied to any and all connecteddevices. That is, the wireless device 20 is automatically paired forcommunication with all other connected devices on the customer'swireless network 24. Moreover, exemplary embodiments may be applied toan application layer of the customer's wireless network 24, not just anaccess layer. Indeed, exemplary embodiments may be applied to anywireless network utilizing any networking standard or frequency, aslater paragraphs will explain. Exemplary embodiments may use thecustomer's unique cellular identifiers to reveal the customer's existingsecurity credentials 26.

FIG. 10 is a schematic further illustrating e-commerce pairing,according to exemplary embodiments. Here an e-commerce server 130 maynotify the security server 50 of online purchases. Many e-commercewebsites offer wireless, connected devices for purchase on a website.The customer's device (such as her smartphone 112) may receive one ormore web pages having website links to products for sale. When thecustomer selects her desired product for purchase (such as the wirelessdevice 20), the e-commerce server 130 may notify the security server 50of the customer's purchase. The e-commerce server 130, for example, maygenerate and send the electronic purchase transaction 30 to the networkaddress associated with the security server 50. The security server 50may thus be notified of the SKU 34, the model number 36, and/or theserial number 38, along with the customer's credit card number 40,cellular telephone number 42, IMSI 120, and/or MSISDN 122. When thesecurity server 50 receives the electronic purchase transaction 30, thesecurity server 50 may query the database 52 of customers and retrievethe customer's corresponding security credentials 26, as this disclosureexplains. Exemplary embodiments may then automatically pair theelectronic lock 22, again as this disclosure explains. Exemplaryembodiments may thus be further utilized in the e-commerce environment,where wireless devices are automatically paired based on websitepurchases.

Exemplary embodiments may be applied regardless of networkingenvironment. Exemplary embodiments may be easily adapted to stationaryor mobile devices having cellular, wireless fidelity (WI-FI®), nearfield, and/or BLUETOOTH® capability. Exemplary embodiments may beapplied to mobile devices utilizing any portion of the electromagneticspectrum and any signaling standard (such as the IEEE 802 family ofstandards, GSM/CDMA/TDMA or any cellular standard, and/or the ISM band).Exemplary embodiments, however, may be applied to anyprocessor-controlled device operating in the radio-frequency domainand/or the Internet Protocol (IP) domain. Exemplary embodiments may beapplied to any processor-controlled device utilizing a distributedcomputing network, such as the Internet (sometimes alternatively knownas the “World Wide Web”), an intranet, a local-area network (LAN),and/or a wide-area network (WAN). Exemplary embodiments may be appliedto any processor-controlled device utilizing power line technologies, inwhich signals are communicated via electrical wiring. Indeed, exemplaryembodiments may be applied regardless of physical componentry, physicalconfiguration, or communications standard(s).

Exemplary embodiments may be applied to other networking environments.The above paragraphs generally refer to the customer's residential orbusiness wireless network 24. Exemplary embodiments, however, may beapplied to any other wireless networks. For example, the user'ssmartphone 112 may establish BLUETOOTH® and/or WI-FI® communicationslinks with other devices or to other networks. The user's smartphone112, for example, may establish wireless communication with the securityserver 50 using cellular or WI-FI® communication. The user's smartphone112 may also establish a BLUETOOTH® connection to a nearby, proximatedevice. The user's smartphone 112 may pair with a vehicle in a hot spotnetworking environment (e.g., an LTE-enabled car).

Exemplary embodiments thus present a secure solution. Whenever thewireless network 24 is protected from unauthorized access, exemplaryembodiments reduce or eliminate pairing problems. The securitycredentials 26 may be safely provided to recognized devices, thuspreventing rogue access. No pre-configuration is necessary, and nostandardized protocol is required. Indeed, exemplary embodiments may beapplied to wireless fidelity (WI-FI®) roaming proposals (such as IEEE §802.11u), thus allowing networks and devices to advertise or broadcastcompliance with Hotspot 2.0 credentials. In other words, if a wirelessdevice complies with IEEE § 802.11u, the network's correspondingsecurity credentials 26 may be retrieved and shared, perhaps even if thewireless device is not recognized.

Exemplary embodiments may utilize any processing component,configuration, or system. Any processor could be multiple processors,which could include distributed processors or parallel processors in asingle machine or multiple machines. The processor can be used insupporting a virtual processing environment. The processor could includea state machine, application specific integrated circuit (ASIC),programmable gate array (PGA) including a Field PGA, or state machine.When any of the processors execute instructions to perform “operations”,this could include the processor performing the operations directlyand/or facilitating, directing, or cooperating with another device orcomponent to perform the operations.

FIGS. 11-13 are more schematics illustrating automatic pairing,according to exemplary embodiments. Here exemplary embodiments may logand verify the purchases associated with the customer. As an example,when the customer purchases the wireless device 20, the wireless device20 may be associated with the customer's profile in the database 52 ofcustomers. Later, when the wireless device 20 is exposed to thecustomer's wireless network 24, exemplary embodiments may verify thepurchase.

FIG. 11 illustrates the exposure. The customer opens the newly purchasedwireless device 20 and provides electrical power (such as by turning onor activating the electronic lock 22). When the wireless device 20 iselectrically powered, the wireless device 20 may request access to thecustomer's wireless network 24. Many wireless devices broadcast arequest that seeks wireless access to the customer's wireless network24. When the access device 62 receives the access request, the accessdevice 62 may notify the security server 50. For example, the accessdevice 62 may send the access notification 70 to the security server 50.Exemplary embodiments may thus alert the security server 50 to theattempted network access of the electronic lock 22. The accessnotification 70 may further include information that uniquely identifiesthe electronic lock 22, such as its SKU 34, model number 36, and/orserial number 38. The security server 50 may then query the database 52of customers to verify the wireless device 20.

FIG. 12 again illustrates the database 52 of customers. Here, though,the database 52 of customers may be expanded to contain deviceinformation. That is, the database 52 of customers may containadditional entries that log the connected devices purchased by thecustomer. Whenever the security server 50 receives the electronicpurchase transaction (“EPT”) 30 and/or the electronic purchasenotification (“EPN”) 116, the security server 50 may log each purchasein the database 52 of customers. That is, entries may be added fordatabase associations between the wireless device 20 (e.g., its SKU 34,model number 36, and/or serial number 38) and the customer's uniquecellular information (e.g., the IMSI 120 and/or the MSISDN 122). Thedatabase 52 of customers may thus inventory the membership or ownershipof the customer's devices. When the security server 50 receives theaccess notification 70, the security server 50 may then query to confirmthe customer's purchase of the electronic lock 22. The security server50, for example, queries for the wireless device 20 (e.g., its SKU 34,model number 36, and/or serial number 38) identified by the networkaddress 102 associated with the access device 62 (e.g., the accessrouter 64 illustrated in FIG. 11). If the SKU 34, model number 36,and/or serial number 38 match the database entries for the networkaddress 102, then the security server 50 may confirm the purchase of thewireless device 20 to the correct network address 102. The wirelessdevice 20, in other words, is requesting wireless access to the correctcustomer's wireless network 24.

FIG. 13 illustrates authorization. As the wireless device 20 matches thecustomer's wireless network 24, the server-side algorithm 92 confirmsthe purchase and authorizes retrieval of the corresponding securitycredentials 26. The security server 50 may then send the securitymessage 60 directly to the corresponding network address 102 of theaccess device 62. The access device 62 (such as the wireless accessrouter 64) may then accept the security credentials 26 via proxyauthorization (as explained with reference to FIG. 3). Or, the accessdevice 62 may forward route the security credentials 26 to the subnetmask IP address assigned to the wireless device 20. Regardless, thewireless device 20 is authorized for wireless access to the customer'swireless network 24. The access device 62 thus allows wireless access tothe customer's wireless network 24, without additional or temporarypairing steps. However, if no database association matches the uniqueidentifier (e.g., its SKU 34, model number 36, and/or serial number 38)of the electronic lock 22, then perhaps the purchase or identity cannotbe confirmed or authenticated. Exemplary embodiments may declineautomatic pairing, thus requiring manual configuration.

FIGS. 14-16 are more schematics further illustrating network access,according to exemplary embodiments. FIG. 14 illustrates a list 130 ofdevices that are permitted to access the customer's wireless network 24.The list 130 of devices may be generated by the security server 50,based on the purchase records logged in the database 52 of customers. Asthe customer purchases electronic devices, whether wired or wireless,those purchases may be tracked in the database 52 of customers (asearlier explained). The list 130 of devices may then be sent to anynetwork address for access and use. FIG. 14, for example, illustratesthe security server 50 sending the list 130 of devices into thecommunications network 44 for routing and delivery to the networkaddress 102 associated with the customer's access device 62 (such as thewireless access router 64). FIG. 15, however, illustrates the list 130of devices alternatively generated and maintained by the customer'saccess device 62. The access device 62 may update the list 130 deviceswith receipt of each security message 60 received from the securityserver 50. Regardless, the list 130 of devices may include or describeinformation of the wireless devices that are authorized to access thecustomer's wireless network 24. The list 130 of devices may thus be alog or “white” list of permitted devices. A wireless device not found inthe list 130 of devices may be denied access. The list 130 of devicesmay contain entries for the different wired and wireless devices havingaccess privileges, such as the SKU 34, the model number 36, and/or theserial number 38. Whenever the wireless device 20 requests access to thecustomer's wireless network 24, the list 130 of devices may thus alreadycontain an entry authorizing access. The access device 62 may query thelist 130 of devices for the SKU 34, the model number 36, and/or theserial number 38. If a match is determined, the access device 62 mayautomatically permit access, without requiring further information fromthe wireless device 20 (such as requiring a separate transmission of thesecurity credentials 26). The customer, then, merely opens the box andpowers up the wireless device 20. The wireless device 20 may thus bepermitted access, based on the matching presence of its SKU 34, modelnumber 34, and/or serial number 38 in the list 130 of devices.

FIG. 16 further illustrates the security credentials 26. If therequesting wireless device 20 is found on the list 130 of devices, thenexemplary embodiments may still require submission of the securitycredentials 26. That is, even if the wireless device 20 is authorized bythe security message 60, the access device 62 may still requiresubmission of the security credentials 26 prior to granting access. So,should the requesting wireless device 20 be matched to the list 130 ofdevices, the access device 62 may then send the security credentials 26in a packetized, electronic message to the wireless device 20. Theaccess device 62 may assign a network address (e.g., subnet mask IPaddress) to the wireless device 20. The access device 62 sends thesecurity credentials 26, thus allowing the wireless device 20 to returnself-submit the security credentials 26, thus completing a formal accessprocess or procedure. The wireless device 20 may thus submit the correctsecurity credentials 26 (such as the SSID 54 and/or the network password56) to formally request access to the customer's wireless network 24.Regardless, exemplary embodiments have thus automated the pairingprocess.

Exemplary embodiments thus present an automatic, customer-focusedpairing solution. Convention pairing schemes require a cumbersome manualentry of the security credentials 26. Schemes are also known thatrequire verbal submission of the security credentials 26. Exemplaryembodiments, instead, add a layer of abstraction that obtains the newlypurchased device characteristics (such as the SKU 34, the model number34, the serial number 38, or device name) and relate this information tothe purchasing customer's network configuration (derived from the uniqueinformation supplied by the customer's smartphone 112 or other cellulardevice). Further exemplary embodiments may await a provisioning filethat is constructed and downloaded to the wireless device 20 when it isactivated for the first time.

Automatic pairing may also be time based. Even if the wireless device 20is automatically paired, exemplary embodiments may still requireconfirmation of the security credentials 26. For example, after somelength of time (such as one week), exemplary embodiments may requireformal submission of the security credentials 26. That is, even thoughthe wireless device 20 may be matched to the list 130 of devices, thewireless access may be temporary. As an example, a timer may be invokedwhen the wireless device 20 is initially authorized for the customer'swireless network 24. The timer may be configured to count down or upfrom an initial value to a final value. When the timer expires,exemplary embodiments may deny further network access until the securitycredentials 26 are manually input. Exemplary embodiments may thus permitinitial access and use for a limited period of time, but securityconcerns may still require submission of the security credentials 26 ata later date.

Exemplary embodiments thus provide a higher layer of provisioning. Theelectronic lock 22 (or any other wireless device 20) is uniquelyidentified and associated with the customer's account. Pairing may beentirely performed when the wireless device 20 is exposed to thecustomer's wireless network 24. The purchased wireless device 20, inother words, is usually purchased in a boxed or packaged “off,”unpowered condition. However, when exposed to the purchasing customer'shome or business network 24, exemplary embodiments may commenceautomatic pairing. Exemplary embodiments may thus obtain an electronicbar code scan of a product label and automatically pair to thepurchasing customer's wireless network 24. However, if the wirelessdevice 20 is electrically powered “on” at purchase, the wireless device20 may still be paired to the purchasing customer's wireless network 24.The customer's security credentials 26, for example, may be pushed tothe wireless device 20, even if exposed to a different network (such asa retail store's WI-FI network or a cellular network).

FIG. 17 is a schematic illustrating credential updates, according toexemplary embodiments. As the reader may understand, some customers mayperiodically or randomly change their network password 56 (or othersecurity credentials 26). This change would conventionally requirereconfiguring each wireless device to the new security credentials 26.Exemplary embodiments, instead, may manage this change for the customer,thus implementing a global change. When the security credentials 26change, the security server 50 may be notified. FIG. 17, for example,illustrates a packetized change message 140 sent to the security server50. The change message 140 alerts the security server 50 to any changein the customer's security credentials 26. The change message 140, forexample, may contain bits or bytes describing updated securitycredentials 142 (such as a change in the customer's SSID 54 or networkpassword 56). While FIG. 17 illustrates the change message 140 sent fromthe access device 62, the change message 140 may be sent from any deviceor network address that is authorized to update the customer's securitycredentials 26. The change message 140 may cause the security server 50to update the database 52 of customers with the new or updated securitycredentials 142. Moreover, the security server 50 and/or the accessdevice 62 may also update or notify each device in the list 130 ofdevices with the new security credentials 26.

FIG. 18 is a schematic illustrating a security system 150, according toexemplary embodiments. Many homes and businesses have a securitycontroller 152 that receives inputs from one or more sensors 154,cameras 156, and other security components. The security controller 152monitors these inputs to determine alarm conditions, such as fire orintrusion alerts. Exemplary embodiments may thus be operationallyintegrated with the security system 150, thus further leveraging theprovisioning knowledge maintained for profiling and security efforts. AsFIG. 18 illustrates, here the security server 50 may store and maintaina very detailed profile 158 for each customer of the security system150. The database 52 of customers, in other words, may be expanded tostore and/or associate a rich profile description of each customer. Asan example, the database 52 of customers may maintain the profile 158 ofeach customer of AT&T's DIGITAL LIFE® service. The profile 158 may thusstore or associate security settings, HVAC settings, music and othercontent selections, specifications, and other detailed informationregarding the customer's home or business, including the networksecurity credentials 26. The network-connected security controller 152may thus communicate with the security server 50, even receiving thesecurity message 60 for automatic pairing of the wireless device 20, asabove explained. The customer may thus purchase new or additionalwireless sensors 154 and cameras 156 and have them automatically paired,as this disclosure explains.

FIGS. 19-23 are schematics illustrating further security solutions,according to exemplary embodiments. So far, mere possession of thecustomer's smartphone 112 may trigger automatic pairing to thecustomer's wireless network 24. That is, when the customer's smartphone112 is used to purchase the wireless device 20, the wireless device 20may be automatically paired to the customer's wireless network 24. Whilethis automatic pairing is very convenient for the customer, automaticpairing may present security concerns. For example, if the customer'ssmartphone 112 is stolen, the thief could purchase a tablet computer andhave it automatically paired, thus potentially providing nefariousnetwork access to the thief. As the reader may understand, the thief maythen have network access to the customer's sensitive electronicdocuments and information. Exemplary embodiments, then, may require abiometric input 160 to initiate or complete the pairing process. Thesecurity server 50, for example, may require a scan of a thumb orfinger, thus confirming authentication of the true customer associatedwith the security credentials 26. If the security server 50 cannotconfirm or match the biometric input 160, the automatic pairing mayabandon or fail.

FIG. 20 illustrates a pairing confirmation 170. Even though the wirelessdevice 20 has been purchased and perhaps automatically paired, somepairing confirmation 170 may still be required. As the above paragraphexplains, nefarious activity could expose the customer's sensitiveelectronic documents and information. A confirmation process, forexample, may be required using the customer's wireless network 24. Eventhough the customer may have purchased the wireless device 20, exemplaryembodiments may require the pairing confirmation 170 before automaticpairing begins or completes. Here, then, the pairing confirmation 170may require a permitted device in the customer's wireless network 24.That is, a connected device 172, using the customer's own wirelessnetwork 24, may be used for the pairing confirmation 170.

FIG. 20 illustrates one such confirmation. When the security server 50is notified of the electronic purchase transaction (or “EPT”) 30, thesecurity server 50 may generate a confirmation message 174. Theconfirmation message 174 is packetized and sent to the network address102 associated with the security credentials 26 (known from the databaseassociation in the database 52 of customers, as above explained). FIG.20 illustrates the confirmation message 174 routing to the customer'saccess device 62 in her wireless network 24. When the access device 62receives the confirmation message 174, the access device 62 may consultthe list 130 of devices. The list of devices may be the “white” list ofdevices that are permitted access to the customer's wireless network 24.The access device 62 may then broadcast or forward the confirmationmessage 174 into the customer's wireless network 24 to any one of thedevices or network addresses contained in the list 130 of devices.

One of the connected devices 172 may then generate a confirmationresponse 176. That is, the pairing confirmation 170 may requireconfirmation from a device in the list 130 of devices that is currentlyinterfaced with, and reachable using, the customer's wireless network24. The access device 62 may then forward the confirmation response 176into the communications network 24 for routing and delivery to thesecurity server 50. If the confirmation response 176 confirms thepairing, then automatic pairing may proceed. However, if theconfirmation response 176 denies the pairing, then exemplary embodimentsmay decline automatic pairing of the recently purchased wireless device20. Exemplary embodiments may thus reject or delete the databaseassociation in the database 52 of customers. Additionally, if the accessdevice 62 fails to receive the confirmation response 176, the accessdevice 62 may retry or simply abandon. Exemplary embodiments, then, mayrequire the pairing confirmation 170 prior to final acceptance of theautomatic pairing, thus perhaps thwarting potentially nefariousactivity.

FIG. 21 illustrates one or more exclusionary rules 180. As the aboveparagraphs explain, nefarious activity could expose the customer'ssensitive electronic documents and information. If the customer'ssmartphone 112 is stolen, the thief could make purchases and have nearlyimmediate access to the customer's wireless network 24. Electronicdocuments and sensitive information may thus be vulnerable. Exemplaryembodiments may thus include additional or alternative securityprecautions, such as the exclusionary rule 180. For example, the pairingconfirmation 170 may require confirmation from one of the other “older”or existing connected devices 172 in the list 130 of devices. That is,exemplary embodiments may exclude the newly purchased wireless device 20from the pairing confirmation 170. The confirmation message 174 may thusnot be sent into the wireless network 24 for delivery to the newlypurchased wireless device 20. Instead, the confirmation message 174 isonly sent or addressed to existing or older entries in the list 130 ofdevices. Each entry in the list 130 of devices may thus be associatedwith a timestamp 182. The timestamp 182 may represent any date and time,such as an original date/time of first access or any previous,historical access to the wireless network 24. Exemplary embodiments maythus select any one or all of the “older” or existing connected devices172 from which the confirmation response 176 must or may be received.So, not only must the confirmation response 176 be performed using theresidential or business wireless network 24, but exemplary embodimentsmay also exclude the newly purchased wireless device 20 from the pairingconfirmation 170. The thief may thus be prevented from using the newlypurchased wireless device 20 to access the wireless network 24.

FIG. 22 illustrates another exclusion. Exemplary embodiments may excludethe purchasing device from the pairing confirmation 170. That is,whatever device was used to participate in the electronic purchasetransaction 30, that same device may be excluded from confirming theautomatic pairing of the newly purchased wireless device 20. Suppose,for example, that the electronic purchase transaction 30 was conductedusing the smartphone 112. As a result, the electronic purchasetransaction 30 may identify the cellular telephone number 42, IMSI 120,and/or or MSISDN 122 used to make the purchase. When the security server50 is notified of the electronic purchase transaction 30, exemplaryembodiments may then exclude that same smartphone 112 from the pairingconfirmation 170. The security server 50 may generate the confirmationmessage 174 with information or content identifying the purchasingdevice (perhaps using the cellular telephone number 42, IMSI 120, and/oror MSISDN 122). When the access device 62 receives the confirmationmessage 174, the access device 62 may then exclude the purchasing devicefrom the confirmation message 174. That is, the confirmation message 174may not be sent or addressed to the smartphone 112 described in theelectronic purchase transaction 30. The confirmation response 176 mayalso be excluded from the smartphone 112 described in the electronicpurchase transaction 30. Exemplary embodiments may thus force thepairing confirmation 170 to exclude the cellular telephone number 42,IMSI 120, and/or or MSISDN 122 or network address associated with thepurchasing device. The thief, then, cannot use the user's stolensmartphone 112 to confirm the automatic pairing of the newly purchasedwireless device 20.

Exemplary embodiments may further exclude other networks from thepairing confirmation 170. The exclusionary rule 180 may haveconfiguration settings in which a user specifies whether or not theresidential or business WI-FI wireless network 24 is solely required forthe pairing confirmation 170. Exemplary embodiments, in other words, mayexclude a cellular or BLUETOOTH® network connection from confirming theautomatic pairing. Again, then, this exclusion may also prevent thethief from using the stolen smartphone 112 to confirm the automaticpairing of the newly purchased wireless device 20. Exemplary embodimentsmay thus force the pairing confirmation 170 to use the customer'swireless network 24 as a further security precaution.

Exemplary embodiments may thus implement any one or combination ofexclusions. Confirmation rules or settings may exclude the newlypurchased wireless device 20 from the pairing confirmation 170.Exemplary embodiments may additionally or alternatively exclude thepurchasing device, such as the smartphone 112. Exemplary embodiments mayadditionally or alternatively exclude any wide area and/or local areanetworks. Exemplary embodiments may thus force the pairing confirmation170 to use the wireless network 24 as a further security precaution. Thepairing confirmation 170 may also require use of a trusted one of thedevices in the list 130 of devices. Any one, combination, or all of thesecurity precautions may thwart nefarious access.

FIG. 23 illustrates further security precautions. As exemplaryembodiments may seamlessly integrate with the security system 150,additional features may be exploited to thwart nefarious access. Forexample, suppose the pairing confirmation 170 is attempted from a deviceor address not matched to the list 130 of devices. Exemplary embodimentsmay then command or instruct the security system 150 to begin capturingor storing video from a security camera. Indeed, if the attempted orfailed confirmation is detected using the customer's wireless network24, then perhaps a thief is in or near the home or business. Videooutput may thus help document and identify the thief. The securityserver 50 may thus send a security alert 190 to the security system 150,instructing or commanding the security system 150 to receive and storevideo data from the security camera 156. Moreover, exemplary embodimentsmay also generate and/or send notifications to one or more notificationaddresses, with each one of the notifications (e.g., text messages oremails) alerting to the attempted confirmation and/or a possibleintrusion. Indeed, exemplary embodiments may be used to predict physicalintrusion, based on a failed attempt to confirm the automatic pairing.As a thief may have possession of the stolen smartphone 112 (or otherdevice), the thief likely knows a street address and perhaps evenelectronic keys, codes, credit card numbers, and other sensitiveinformation. Friends and family may also be compromised, based oncontact information stored in the smartphone 112. Exemplary embodimentsmay thus similarly send electronic notifications to network addresses ofcontacts stored in the smartphone 112. Other security systems, then, maypredict nefarious activity and even physical intrusion, based on receiptof a notification. Exemplary embodiments may further alert police andother emergency officials to predicted intrusions and/or nefariousnetwork access. Moreover, if the pairing confirmation 170 fails, thesecurity server 50 may send a location command to the purchasing deviceand/or the recently purchased wireless device 20, instructing eitherdevice to activate a global positioning system and report its currentGPS location. Any one, combination, or all of these security precautionsmay further thwart nefarious access.

FIG. 24 is a flowchart illustrating an algorithm for automatic pairing,according to exemplary embodiments. The electronic purchase transaction30 is generated (Block 200). The security server 50 is notified of theelectronic purchase transaction 30 (Block 202). A query is made for thecellular telephone number (“CTN”) 42, IMSI 120, and/or or MSISDN 122(Block 204). The corresponding security credentials 26 are retrieved(Block 206) and sent to the corresponding network address 102 (Block208). The security credentials 26 are used to automatically pair awireless device to the wireless network 24 (Block 210).

FIG. 25 is a schematic illustrating still more exemplary embodiments.FIG. 25 is a more detailed diagram illustrating a processor-controlleddevice 400. As earlier paragraphs explained, the POS algorithm 82, theserver-side algorithm 92, and/or the algorithm 114 may partially orentirely operate in any mobile or stationary processor-controlleddevice. FIG. 25, then, illustrates the POS algorithm 82, the server-sidealgorithm 92, and/or the algorithm 114 stored in a memory subsystem ofthe processor-controlled device 400. One or more processors communicatewith the memory subsystem and execute either, some, or all applications.Because the processor-controlled device 400 is well known to those ofordinary skill in the art, no further explanation is needed.

FIG. 26 depicts other possible operating environments for additionalaspects of the exemplary embodiments. FIG. 26 illustrates the POSalgorithm 82, the server-side algorithm 92, and/or the algorithm 114operating within various other processor-controlled devices 400. FIG.26, for example, illustrates that the POS algorithm 82, the server-sidealgorithm 92, and/or the algorithm 114 may entirely or partially operatewithin a set-top box (“STB”) (402), a personal/digital video recorder(PVR/DVR) 404, a Global Positioning System (GPS) device 408, aninteractive television 410, a tablet computer 412, or any computersystem, communications device, or processor-controlled device utilizingany of the processors above described and/or a digital signal processor(DP/DSP) 414. The device 400 may also include watches, radios, vehicleelectronics, clocks, printers, gateways, mobile/implantable medicaldevices, and other apparatuses and systems. Because the architecture andoperating principles of the various devices 400 are well known, thehardware and software componentry of the various devices 400 are notfurther shown and described.

Exemplary embodiments may be physically embodied on or in acomputer-readable storage medium. This computer-readable medium, forexample, may include CD-ROM, DVD, tape, cassette, floppy disk, opticaldisk, memory card, memory drive, and large-capacity disks. Thiscomputer-readable medium, or media, could be distributed toend-subscribers, licensees, and assignees. A computer program productcomprises processor-executable instructions for automatic pairing, asthe above paragraphs explained.

While the exemplary embodiments have been described with respect tovarious features, aspects, and embodiments, those skilled and unskilledin the art will recognize the exemplary embodiments are not so limited.Other variations, modifications, and alternative embodiments may be madewithout departing from the spirit and scope of the exemplaryembodiments.

The invention claimed is:
 1. Network equipment, comprising: a processor;and a memory that stores instructions that, when executed by theprocessor, facilitates performance of operations, comprising: receivingan access notification from a router that establishes wirelessconnectivity to a network, the access notification specifying a userdevice identifier associated with a user device requesting access to thenetwork; determining a security credential based on querying a datastore for the user device identifier, wherein the data store comprisesassociations of groups of identifiers to security credentials comprisingthe security credential that is associated with the user deviceidentifier of the groups of identifiers, wherein the groups ofidentifiers comprise stock keeping unit data associated with the userdevice and international mobile subscriber identity data associated withthe user device; and sending a proxy instruction to the router, theproxy instruction specifying the security credential and instructing therouter to accept the security credential presented as a proxy on behalfof the user device requesting the access to the network.
 2. The networkequipment of claim 1, wherein the operations further comprise receivinga confirmation of a purchase associated with the user device.
 3. Thenetwork equipment of claim 1, wherein the operations further compriseprocessing an electronic purchase transaction associated with the userdevice.
 4. The network equipment of claim 1, wherein the operationsfurther comprise receiving an electronic purchase transaction associatedwith the user device.
 5. The network equipment of claim 1, wherein theoperations further comprise identifying a credit card number that isassociated with the user device identifier associated with the userdevice.
 6. The network equipment of claim 1, wherein the operationsfurther comprise identifying a credit card number that is associatedwith the security credential.
 7. The network equipment of claim 1,wherein the operations further comprise retrieving a service setidentifier that is associated with the user device identifier specifiedby the access notification.
 8. The network equipment of claim 1, whereinthe operations further comprise retrieving a network password that isassociated with the user device identifier specified by the accessnotification.
 9. A method, comprising: receiving, by network equipmentcomprising a processor, an access notification from an access devicethat facilitates creation of a network, the access notificationspecifying a user smartphone identifier associated with a usersmartphone requesting access to the network; querying, by the networkequipment, a database for the user smartphone identifier specified bythe access notification, the database comprising associations betweengroups of identifiers associated with the user smartphone and groups ofsecurity credentials associated with the user smartphone, wherein thegroups of identifiers comprises stock keeping unit data associated withthe user smartphone and mobile station international subscriberdirectory number data associated with the user smartphone; determining,by the network equipment, the groups of security credentials in thedatabase that are associated with the user smartphone identifierspecified by the access notification; and sending, by the networkequipment, a proxy instruction to the access device, the proxyinstruction specifying a security credential of the groups of securitycredentials and instructing the access device to accept the securitycredential presented as a proxy on behalf of the user smartphonerequesting the access to the network.
 10. The method of claim 9, furthercomprising receiving, by the network equipment, a confirmation of apurchase associated with the user smartphone.
 11. The method of claim 9,further comprising processing, by the network equipment, an electronicpurchase transaction associated with the user smartphone.
 12. The methodof claim 9, further comprising receiving, by the network equipment, anelectronic purchase transaction associated with the user smartphone. 13.The method of claim 9, further comprising identifying, by the networkequipment, a credit card number that is associated with the usersmartphone identifier associated with the user smartphone.
 14. Themethod of claim 9, further comprising identifying, by the networkequipment, a credit card number that is associated with the usersmartphone.
 15. The method of claim 9, further comprising retrieving, bythe network equipment, a service set identifier that is associated withthe user smartphone identifier specified by the access notification. 16.The method of claim 9, further comprising retrieving, by the networkequipment, a network password that is associated with the usersmartphone identifier specified by the access notification.
 17. Anon-transitory computer readable medium that stores instructions that,when executed by a processor, cause performance of operations,comprising: receiving, from a router, an access notification, whereinthe access notification comprises a mobile device identifier associatedwith a mobile device requesting access to a network maintained by therouter; querying a database for the mobile device identifier, whereinthe database maintains associations between groups of identifiers andgroups of security credentials based on the mobile device identifier,wherein the groups of identifiers comprises stock keeping unit dataassociated with the mobile device and mobile station internationalsubscriber directory number data associated with the mobile device;determining a security credential of the groups of security credentialsbased on the mobile device identifier; and sending a proxy instructionto the router, wherein the proxy instruction specifying the securitycredential and instructing the router to accept the security credentialpresented by a proxy on behalf of the mobile device requesting access tothe network.
 18. The non-transitory computer readable medium of claim17, wherein the operations further comprise receiving a confirmation ofa purchase associated with the mobile device.
 19. The non-transitorycomputer readable medium of claim 17, wherein the operations furthercomprise processing an electronic purchase transaction associated withthe mobile device.
 20. The non-transitory computer readable medium ofclaim 17, wherein the operations further comprise retrieving at leastone of a service set identifier and a network password associated withthe network.